svn commit: r545113 - head/security/vuxml
Steve Wills
swills at FreeBSD.org
Sun Aug 16 13:27:18 UTC 2020
Author: swills
Date: Sun Aug 16 13:27:17 2020
New Revision: 545113
URL: https://svnweb.freebsd.org/changeset/ports/545113
Log:
Document py-ecdsa issue
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Sun Aug 16 13:20:33 2020 (r545112)
+++ head/security/vuxml/vuln.xml Sun Aug 16 13:27:17 2020 (r545113)
@@ -58,6 +58,38 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="a23ebf36-e8b6-4665-b0f3-4c977f9a145c">
+ <topic>security/py-ecdsa -- multiple issues</topic>
+ <affects>
+ <package>
+ <name>py27-ecdsa</name>
+ <range><le>0.13.3</le></range>
+ </package>
+ <package>
+ <name>py37-ecdsa</name>
+ <range><le>0.13.3</le></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>py-ecdsa developers report:</p>
+ <blockquote cite="https://github.com/warner/python-ecdsa/releases/tag/python-ecdsa-0.13.3">
+ <p>Fix CVE-2019-14853 - possible DoS caused by malformed signature decoding.</p>
+ <p>Fix CVE-2019-14859 - signature malleability caused by insufficient checks of DER encoding</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://github.com/warner/python-ecdsa/releases/tag/python-ecdsa-0.13.3</url>
+ <cvename>CVE-2019-14853</cvename>
+ <cvename>CVE-2019-14859</cvename>
+ </references>
+ <dates>
+ <discovery>2019-10-07</discovery>
+ <entry>2020-08-16</entry>
+ </dates>
+ </vuln>
+
<vuln vid="b8ea5b66-deff-11ea-adef-641c67a117d8">
<topic>snmptt -- malicious shell code</topic>
<affects>
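Review bot: The `<range><le>0.13.3</le></range>` bound on both packages marks 0.13.3 itself as vulnerable, yet the quoted release notes and the cited release tag present 0.13.3 as the version that fixes CVE-2019-14853 and CVE-2019-14859. If that reading is correct, the bound should exclude the fixed release, i.e. `<range><lt>0.13.3</lt></range>` for py27-ecdsa and py37-ecdsa. Otherwise hosts that already upgraded will keep being reported as affected by anything that consumes this file. Only the py27 and py37 flavors are listed, so it is worth confirming whether the port builds other Python flavors that need their own `<package>` entries, as the file's own note about port variants asks.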